Multiple servers using port 443

Hi,
I am looking to set up several websites that utilise port 443 for SSL behind my firewall.
I understand that the reverse proxy in BM will only forward from port 443 to port 443.
As I only have one public IP address I was looking to use ports such as 51443, 52443 and redirect to port 443 on the various internal servers.
Is this possible using the generic TCP proxy or is there another way of doing this? I am using BM 3.6.
All suggestions gratefully rec'd
David

Presumably if that failed I could use a hardware firewall such as a Cisco PIX to do the job.
Set up some sort of DMZ and put the servers in there.
"Craig Johnson" <[email protected]> wrote in message news:[email protected]..
> In article <skPnb.461$[email protected]>, David Quickfall wrote:
> > Is this possible using the generic TCP proxy or is there another way of
> > doing this I am using BM 3.6
> >
> Generic proxy will work fine, (and in fact it probably works better than
> using reverse proxy for 443). Set up one generic proxy for each port.
>
> I don't know if you can successfully use the port translation ability of
> generic proxy here. (Proxy port 444 to 443). I don't think that works
> for SSL.
>
> Craig Johnson
> Novell Support Connection SysOp
> *** For a current patch list, tips, handy files and books on
> BorderManager, go to http://www.craigjconsulting.com ***

Similar Messages

  • Ichat is not working.  tried using port 443 and still does not work

    iChat not working.  Tried using port 443 and I stay on for about 45 seconds then it disconnects.  Can you help?

    Hi,
    Can you tell me the make and model of your routing device?
    The 10 Second error message is caused by a break in the connection.
    This could be the WiFi being dropped (if you are using WiFi) due to interference from other nearby routers.
    It can be due to settings or features of the router and if the experience has changed that could be due to a speed increase in your internet service.
    If you are using Ethernet and having this issue it is much more likely to be a setting/feature issue.
    Examples.
    Netgears.  These have a separate WAN set up page that lists either DoS or SPI as one of the things that can be Enabled or Disabled.
    Linksys.  If your model has a Security tab and this has Firewall then DoS and SPI are part of this.
    Netopia devices tend to have a 4 level Firewall, and DoS and SPI are part of the two highest settings.
    DoS = Denial Of Service and is a Threshold based "Protection" Feature.
    It judges whether too much data is being sent to you (it was designed originally to stop people overloading Web Servers (many people, many refreshes)).
    iChat can outstrip the setting with most Internet Connections in most parts of the world.  (In fact iChat can send more data than most Video Streaming sites.)
    One thing you can do that may get around this is to reduce the Bandwidth used in iChat (iChat Menu > Preferences > Video Section > Bandwidth Limit drop down).
    Try 500kbps
    10:07 PM      Wednesday; November 23, 2011

  • Using one public ip for ssh`ing to different internal servers using port-redirections

    Hi, we are having a requirement to use the same public IP to ssh into different internal servers using port re-direction. So let's say from outside, if a user does ssh @ root 4.4.4.4 2222, it should go to sshsrv1 and then ssh @ root 4.4.4.4 2223 to sshsrv2.
    My config is like this:-
    object network sshsrv1
    host 10.110.100.10
    nat (inside,Outside) static 4.4.4.4 service tcp 22 2222
    And then I allowed the object "sshsrv1" in my inbound ACL from outside.
    It doesn't seem to work. Is this doable?
    Any suggestions?

    Hi,
    Would need to see your NAT configurations.
    There is a possibility that you have a NAT configuration that might be preventing this from working. Then again you are using an extra public IP address for this so it seems strange.
    Could you try the "packet-tracer" command
    packet-tracer input outside tcp 12345 2222
    This should tell us if there is some problem in the ASA configurations.
    - Jouni

  • IPS 4260-70 Events to Saalt - RSA using PORT 443

    I have a request to send all IPS 4260-70 on os vs 7.0.4(e4)  Events to Saalt - RSA using PORT 443.  I created an admin account, how do you configure the port 443?

    Edwin;
      Cisco's IPS sensors do not send events by default; they make use of the Security Device Event Exchange (SDEE) protocol in a client-server implementation (the IPS being the server and the remote application being the client).  By default, the IPS will listen on TCP port 443 for SDEE connections requesting events or opening a SDEE subscription.  The remote application (Saalt?) should require configuring the IP address of the IPS and a username/password for logging into the IPS.  The IPS will need an access list entry for the remote application host to allow successful communication.
    Scott

  • Does eprint software communicate with computer it is installed on using port 443?

    I have eprint installed with laserjet 551 dn color printer. My computer has 64 bit windows 7 installed. My firewall had issues with the software when https inspection was turned on (Microsoft Forefront TMG). If I exclude the printer client (IP address of printer) and the domain name of *.hpeprint.com the software will connect. After a number of days the connection is lost and can be restored for a few days again by disabling https inspection and refreshing at the hpeprint center. It is likely the eprint software is trying to communicate with my computer over port 443. Does anyone have information on this? If details are available a listener could be set up for the protocol on the firewall to maintain the connectivity without disabling https inspection.

    The ePrint Software (www.hp.com/go/eprintsoftware) operates on the following
    Print job communication and transfer:
    ● Print jobs are transferred from the HP ePrint Software to the HP cloud eprintcenter.com through HTTPS (OAuth authentication).
    NOTE:  if you are sending emailed print jobs (i.e. not using ePrint Software) eprintcenter.com would accept the SMTP print jobs, which depending on your setup might leave your host via POP3, IMAP, etc.
    ● The HP cloud sends notification to the HP web enabled ePrint device of the pending print request through XMPP—an XML-based messaging procedure.
    ● The Web-connected printer authenticates to HP ePrintcenter cloud to receive the pending ePrint requests in queue. The ePrint device establishes an HTTPS connection and downloads the job(s).
    Though I am an HP Employee, my posts express my opinion, and not of HP

  • Static NAT to two servers using same port

    I have a small office network with a single public IP address. Currently we have a static nat for port 443 for the VPN. We just received new software that requires the server the software is on to be listening on port 443 across the internet. Thus, essentially I need to do natting (port forwarding) using port 443 to two different servers.
    I believe that the usual way to accomplish this would be to have the second natting use a different public facing port, natted to 443 on the inside of the network (like using port 80 and 8080 for http). But, if the software company says that it must use port 443, is there any other way to go about this? If, for example, I know the IP address that the remote server will be connecting to our local server on, is there any way to add the source IP address into the rule? Could it work like, any port 443 traffic also from x.x.x.x, forward to local machine 192.168.0.2. Forward all other port 443 traffic not from x.x.x.x to 192.168.0.3.
    Any help would be very much appreciated.
    Thanks,
    - Mike                  

    Hi,
    Using the same public/mapped port on software levels 8.2 and below would be impossible. Only one rule could apply. I think the Cisco FWSM accepts the second command while the ASA to my understanding simply rejects the second "static" statement with ERROR messages.
    On the software levels 8.3 and above you have a chance to build a rule for the same public/mapped port WHEN you know where the connections to the other overlapping public/mapped port is coming from. This usually is not the case for public services but in your situation I gather you know the source address where connections to this server are going to come from?
    I have not used this in production and would not wish to do so. I have only done a simple test in the past for a CSC user. I tested mapping port TCP/5900 for VNC twice while defining the source addresses the connections would be coming from in the "nat" configuration (8.4 software) and it seemed to work. I am not all that certain whether this is a stable solution. I would imagine it could not be recommended for a production environment setup.
    But nevertheless it's a possibility.
    So you would need the newer software on your firewall but I am not sure what device you are using and what software it's using.
    - Jouni

  • Port 443 used by another web site

    All was working well with my evaluation of 2012E. I was able to log on to the access anywhere website. Now the service stopped working and if I try to start the "default website" I get an error message that another website may be using port 443 and it will not start. I checked the bindings on all the stock sites and none used 443 except the default site. I am able to vpn to the server with no issues. I tried messing with the Cert and that did not help. I have probably tweaked things trying to fix it that has made it worse. I can see nothing else using 443. I read about the folder share issue but the service is not on the service list. I would like to be able to turn back the clock but that option is not available.
    Thanks, Ckshan

    In PowerShell run this:
    Import-Module WebAdministration
    Get-ChildItem IIS:\Sites
    Post back the result.
    Robert Pearman SBS MVP

  • Port 443

    Is it possible to run iSQL*Plus only using Port 443/SSL? I receive the following error whenever I do not listen for port 80 connections:
    [Mon Sep 16 13:29:58 2002] [emerg] OPM: Could not find a valid non-ssl LISTEN ip and port. The whole process exits.
    [Mon Sep 16 13:29:58 2002] [alert] (2)No such file or directory: FastCGI: read() from pipe failed (0)
    [Mon Sep 16 13:29:58 2002] [alert] (2)No such file or directory: FastCGI: the PM is shutting down, Apache seems to have disappeared - bye

    Alison,
    Thanks for the reply. I think that the httpd.conf file is saying if you want both types of connections (http and https) you have to listen for both types of connections. We have other Apache web servers here that only allow https/port 443 connections and only listen for those type of connections.
    Maybe I should have asked my question a different way, is it possible to configure iSQL*Plus via the httpd.conf file (and other .conf files) so that FastCGI will work with SSL connections? If not, is there a way to configure everything so that the only non-SSL connections are between FastCGI and iSQL*Plus (i.e., no users can connect to the web server without using an SSL connection)?
    Again, thanks for your help.
    Cecil,
    After reading the httpd.conf (web server config file), I found this:
    # Port: The port to which the standalone server listens. Certain firewall
    # products must be configured before Apache can listen to a specific port.
    # Other running httpd servers will also interfere with this port. Disable
    # all firewall, security, and other services if you encounter problems.
    # To help diagnose problems use the Windows NT command NETSTAT -a
    Port 7778
    ## SSL Support
    ## When we also provide SSL we have to listen to the
    ## standard HTTP port (see above) and to the HTTPS port
    Listen 7778
    Listen 4443
    It looks like you have to listen on a default port, as well as on an https port. iSQL*Plus doesn't actually care which port it is being called from as it is one step removed and has its own (different) port connection to the web server.
    Perhaps this is a question to research from the web server (essentially Apache) point of view? You could try the usenet newsgroups, the Metalink web site, or you could call Oracle Support.
    Alison

  • Port 443 on UNIX not run as root? Can it be done?

    This is probably more a UNIX question than a Java question but I would like to know if it is possible to run a Java server on port 443 in a non-privileged account sandbox. I don't like the idea of running my server as root but would like to use port 443 for my HTTPS server.
    Can this be done? Any ideas?

    Unix root privileges are required to bind to a port less than 1024, so your program must be setuid root or be started from the root account. However it can drop those privileges immediately it has the port (i.e. the ServerSocket), by calling setuid() to another account and setgid() to another group. You need a bit of JNI to organize this from Java, sorry.

  • IE Traffic being forced to tunnel via port 443

    I have a Windows 2008 R2 server that has been in production for over 2 years.  It is a Hyper-V host running five 2008 R2 guests.  Everything was running fine until a couple of weeks ago when I installed the latest HP firmware and drivers.  Since then, Internet Explorer cannot open any website except www.google.com.  After uninstalling IE9 and then installing IE10 there was no change.  I've scanned the server with malwarebytes and HiJackThis.  No problems found.  I reset IE and reset the TCP/IP stack.  No change.  I removed McAfee AV and I'm now able to access google and one other site.  I then installed Fiddler and looked at what is happening and it appears that most websites are trying to tunnel using port 443 rather than using the typical port 80.  I'm not sure how to interpret this.  I know name resolution is working and can ping the sites I'm trying to reach.  If I go to a standard site, say www.yahoo.com, the IE window stays blank but if I go to Tools/View Source it appears I'm looking at the HTML from the target site.  Below is a summary of the Fiddler output when I tried to go to yahoo.com.  Any help is greatly appreciated as I am all out of ideas.
    Thanks,
    Joe
    # Result Protocol Host URL Body Caching Content-Type Process Comments Custom 
    1 301 HTTP fiddler2.com /UpdateCheck.aspx?isBeta=False 0 no-cache  fiddler:4916   
    2 200 HTTP www.telerik.com /updatecheck.aspx?isBeta=False 620 private text/plain; charset=utf-8 fiddler:4916   
    3 301 HTTP www.yahoo.com / 212 no-store text/html iexplore:728   
    4 200 HTTP Tunnel to www.yahoo.com:443 0   iexplore:728   
    5  -  HTTP crl.geotrust.com /crls/secureca.crl -1   iexplore:728   
    6 200 HTTP Tunnel to www.yahoo.com:443 0   iexplore:728   
    7 200 HTTP Tunnel to iecvlist.microsoft.com:443 0   iexplore:5104   

    Found that the problem was somewhere in the Windows firewall.  Although I had stopped the firewall service during testing something remained hooked in.  Another attempt at shutting off the firewall and then starting it again seems to have resolved the problem.  This makes no sense but I'm not arguing with the results.  Thanks everyone for your help.

  • NW 2004's getting port 443 on unix to work ??

    I have loaded 2004s portals in my DEV system (server at our data center at another site). Everything works OK. I changed the port from 50101 to 443 in VM but cannot get to the server on that port. I believe it's a UNIX problem because I know that ports under 1024 on Unix are reserved.
    How can I get Unix to let my portals use port 443?
    Thanks for any help.
    Daryl

    Hi Maurice,
    Please check this url.
    http://help.sap.com/saphelp_nw04s/helpdata/en/ce/9b673b079b4054e10000000a11405a/content.htm
    Please award points for useful answers.
    Regards.
    Ruchit.

  • Error with default SSL port (443) on Solaris

    Hi all
    I would like to config default SSL port 443 on Solaris but I found this error. What is the problem?
    I use WebLogic 8.1 sp3
    SSL port : 443
    Unable to create a server socket on Channel Default for port: 443. java.net.BindException: Permission denied Perhaps another process is using port 443
    I'm not sure about the permission. What can I do?

    Oh, I can start WebLogic as root and then I can use port 443, but when I use other users, I can't use port 443.

  • Iphone & microsoft exchange access without port 443

    Hello:
    I am trying to setup my microsoft exchange server. My company does not use port 443 for microsoft emails. We use a different port.
    Has anyone setup their outlook on a different port? Did it work? and please provide me steps to try to get mine setup.
    Any feedback will help.
    Thanks,

    Has this worked with anyone else? I defined the server and port such as:
    yourserver.example.com:1423
    But I still cannot get my emails. Is there something I'm missing?
    Please advise,
    Thank you,
    Coleen

  • Port 443 content rule, can the CSS see inside the cookie ?

    Hi Gilles/everyone,
    With a content rule using port 443, can we use cookie based stickiness or is the cookie also encrypted?
    cheers,
    Mike

    also encrypted.
    No way to see it without an SSL module to decrypt.
    Gilles.

  • New TMG 2010 servers are not listening for port 443

    Experts,
    We have installed new TMG 2010 servers that are not listening for port 443. We have 2 servers installed in the same subnet. Each server can telnet to itself at port 443 but they cannot do so to each other.
    Do we need to create any access rule in TMG to allow this? Please help.
    Anil MCC 2011,ITIL V3,MCSA 2003,MCTS 2010, My Blog : http://messagingschool.wordpress.com

    Hi,
    Please check the blog that lists the ports used by TMG.
    Forefront TMG 2010 Protocols and Ports Reference
    http://tmgblog.richardhicks.com/2012/09/10/forefront-tmg-2010-protocols-and-ports-reference/
    Best Regards,
    Joyce
